

No commits in common. "c691bae4f301c1d0a28d39ed5f33324bff0dc496" and "bd62ef48c2aaba62a34e5e06e20a79a192482c6f" have entirely different histories.

24 changed files with 99 additions and 189 deletions


@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1673301561, "lastModified": 1665870395,
"narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=", "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68", "rev": "a630400067c6d03c9b3e0455347dc8559db14288",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -89,11 +89,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1673343300, "lastModified": 1672770368,
"narHash": "sha256-5Xdj6kpXYMie0MlnGwqK5FaMdsedxvyuakWtyKB3zaQ=", "narHash": "sha256-iO6Z9blIe8dcPh3VT2nkej9EimORCoskGQR6xNjICWI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "176e455371a8371586e8a3ff0d56ee9f3ca2324e", "rev": "d01e7280ad7d13a5a0fae57355bd0dbfe5b81969",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -151,11 +151,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1673450908, "lastModified": 1672617983,
"narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=", "narHash": "sha256-68WDiCBs631mbDDk4UAKdGURKcsfW6hjb7wgudTAe5o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e", "rev": "0fc9fca9c8d43edd79d33fea0dd8409d7c4580f4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -198,11 +198,11 @@
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1673490397, "lastModified": 1672712534,
"narHash": "sha256-VCSmIYJy/ZzTvEGjdfITmTYfybXBgZpMjyjDndbou+8=", "narHash": "sha256-8S0DdMPcbITnlOu0uA81mTo3hgX84wK8S9wS34HEFY4=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "0833f4d063a2bb75aa31680f703ba594a384ffe6", "rev": "69fb7bf0a8c40e6c4c197fa1816773774c8ac59f",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -29,28 +29,8 @@
,... ,...
}@_inputs: let }@_inputs: let
# Context/global stuffs to be passed down # Context/global stuffs to be passed down
# NOTE: this will only read files that are within git tree
# all secrets should go into secrets.nix and secrets/*.age
proj_root = let
path = builtins.toString ./.;
in {
inherit path;
configs.path = "${path}/native_configs";
scripts.path = "${path}/scripts";
secrets.path = "${path}/secrets";
testdata.path = "${path}/tests";
modules.path = "${path}/modules";
hosts.path = "${path}/hosts";
users.path = "${path}/users";
};
# TODO: adapt to different platforms think about different systems later # TODO: adapt to different platforms think about different systems later
system = "x86_64-linux"; system = "x86_64-linux";
overlays = [
rust-overlay.overlays.default
(self: pkgs@{lib,...}: {
lib = pkgs.lib // (import ./lib (_inputs // {inherit pkgs proj_root;}));
})
];
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
overlays = import ./overlays.nix _inputs; overlays = import ./overlays.nix _inputs;
@ -58,13 +38,31 @@
allowUnfree = true; allowUnfree = true;
}; };
}; };
# now, this lib is extremely powerful as it also engulfs nixpkgs.lib
# TODO: I really don't want to extend from nixpkgs.lib because it doesn't extend lib within nixosModule
lib = nixpkgs.lib.extend (self: nixpkgs_lib: (nixpkgs_lib // pkgs.lib));
inputs_w_lib = (pkgs.lib.recursiveUpdate _inputs {
inherit system proj_root pkgs lib;
});
# inject nixpkgs.lib onto c_ (calculus)
_lib = pkgs.lib;
inputs = (_lib.recursiveUpdate {
inherit system;
# NOTE: this will only read files that are within git tree
# all secrets should go into secrets.nix and secrets/*.age
proj_root = let
path = builtins.toString ./.;
in {
inherit path;
configs.path = "${path}/native-configs";
scripts.path = "${path}/scripts";
secrets.path = "${path}/secrets";
testdata.path = "${path}/tests";
modules.path = "${path}/modules";
hosts.path = "${path}/hosts";
users.path = "${path}/users";
};
} _inputs);
inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs; lib = pkgs.lib;} inputs);
lib = _lib.recursiveUpdate (import ./lib inputs_w_pkgs) _lib;
# update inputs with our library and past onto our end configurations
inputs_w_lib = (lib.recursiveUpdate {inherit lib;} inputs_w_pkgs);
modules = (import ./modules inputs_w_lib); modules = (import ./modules inputs_w_lib);
hosts = (import ./hosts inputs_w_lib); hosts = (import ./hosts inputs_w_lib);
users = (import ./users inputs_w_lib); users = (import ./users inputs_w_lib);
@ -85,24 +83,18 @@
expected = "for sure"; expected = "for sure";
}; };
}; };
secrets = import ./secrets final_inputs;
in { in {
inherit (hosts) nixosConfigurations; inherit (hosts) nixosConfigurations;
inherit (users) homeConfigurations; # inherit (users) homeConfigurations;
inherit lib proj_root; inherit lib;
devShell."${system}" = import ./dev-shell.nix final_inputs; devShell."${system}" = import ./dev-shell.nix final_inputs;
templates = import ./templates final_inputs; templates = import ./templates final_inputs;
secrets = {
pubKeys = {
hosts = hosts.pubKeys;
users = users.pubKeys;
};
};
unit_tests = lib.runTests unit_tests; unit_tests = lib.runTests unit_tests;
secrets = import ./secrets final_inputs;
debug = { debug = {
inherit final_inputs hosts users modules lib unit_tests pkgs; inherit final_inputs hosts users modules lib inputs_w_pkgs unit_tests pkgs;
}; };
}; };
} }


@ -8,7 +8,6 @@
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.loader.systemd-boot.enable = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
# boot.initrd.kernelModules = [ "amdgpu" ]; # boot.initrd.kernelModules = [ "amdgpu" ];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];


@ -10,13 +10,11 @@ config = {
system = "x86_64-linux"; system = "x86_64-linux";
preset = "base"; preset = "base";
}; };
# TODO: add override so that we can add wsl config on top
bao.nixosConfig = { bao.nixosConfig = {
modules = [ modules = [
(import ../modules/nvgpu.sys.nix) import ../modules/kde.sys.nix
(import ../modules/kde.sys.nix) import ../modules/pulseaudio.sys.nix
(import ../modules/pulseaudio.sys.nix) import ../modules/storage.perso.sys.nix
(import ../modules/storage.perso.sys.nix)
]; ];
}; };
}; };
@ -31,45 +29,36 @@ propagate = hostConfig@{metadata, nixosConfig}: let
preset = lib.attrByPath ["preset"] "base" metadata; preset = lib.attrByPath ["preset"] "base" metadata;
# infer # infer
hardwareConfig = import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix"; hardwareConfig = import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix";
# alias to prevent infinite recursion
_nixosConfig = nixosConfig;
in { in {
inherit hostName ssh_pubkey users nixosVersion system preset hardwareConfig; inherit hostName ssh_pubkey users nixosVersion system preset hardwareConfig;
nixosConfig = _nixosConfig // { nixosConfig = nixosConfig // {
inherit system; inherit system;
lib = finalInputs.lib;
modules = [ modules = [
{
config._module.args = {
inherit proj_root;
my-lib = finalInputs.lib;
};
}
hardwareConfig
{ {
system.stateVersion = nixosVersion; system.stateVersion = nixosVersion;
networking.hostName = hostName; networking.hostName = hostName;
users.users = users; users.users = users;
} }
{ {
imports = [agenix.nixosModule]; _module.args = finalInputs;
environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
} }
(import "${proj_root.modules.path}/secrets.nix") import "${proj_root.modules.path}/secrets.nix"
(import "${proj_root.modules.path}/${preset}.sys.nix") import "${proj_root.modules.path}/${preset}.sys.nix"
] ++ _nixosConfig.modules; ] ++ nixosConfig.modules;
}; };
}; };
# we are blessed by the fact that we engulfed nixpkgs.lib.* at top level
mkHostFromPropagated = propagatedHostConfig@{nixosConfig,...}: nixpkgs.lib.nixosSystem nixosConfig; mkHostFromPropagated = propagatedHostConfig@{nixosConfig,...}: nixpkgs.lib.nixosSystem nixosConfig;
<<<<<<< HEAD
mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig); mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig);
trimNull = lib.filterAttrsRecursive (name: value: value != null); trimNull = lib.filterAttrsRecursive (name: value: value != null);
flattenPubkey = lib.mapAttrs (hostName: meta_config: meta_config.metadata.ssh_pubkey); flattenPubkey = lib.mapAttrs (hostName: meta_config: meta_config.metadata.ssh_pubkey);
=======
mkHost = hostConfig: (lib.pipe hostConfig [propagate mkHostFromPropagated]);
>>>>>>> 4619ea4 (rekey)
in { in {
nixosConfigurations = lib.mapAttrs (name: hostConfig: mkHost hostConfig) config; inherit config;
# nixosConfigurations = lib.mapAttrs (name: hostConfig: mkHost hostConfig) config;
nixosConfigurations = {};
debug = {
propagated = lib.mapAttrs (name: hostConfig: propagate hostConfig) config;
};
# {bao = "ssh-ed25519 ..."; another_host = "ssh-rsa ...";} # {bao = "ssh-ed25519 ..."; another_host = "ssh-rsa ...";}
pubKeys = lib.getPubkey config; hostKeys = trimNull (flattenPubkey config);
} }
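Review bot: The `modules` lists on the new side put `import` and its path argument in as separate list elements, because Nix does not apply functions inside a list literal without parentheses — `[ import ../modules/kde.sys.nix ]` is a two-element list holding the `import` builtin and a path, and the module system then tries to call the bare `import` as a function module, which should fail; this affects `bao.nixosConfig.modules` and the two `import "${proj_root.modules.path}/…"` entries in `propagate`. Wrap each one as `(import ../modules/kde.sys.nix)`, or drop `import` and list the paths directly, which the module system accepts as-is. Separately, `lib.pipe` takes the value first, so `mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig)` has its arguments reversed and will break as soon as the commented-out `nixosConfigurations` mapping is restored; `lib.pipe hostConfig [propagate mkHostFromPropagated]` is the working order. `_module.args = finalInputs;` also injects every flake input (including `pkgs` and `lib`) as module arguments, replacing the narrower `proj_root`/`my-lib` set the old side passed; if that is intended, a one-line comment saying so would help, since every module's argument set now depends on the flake's input names.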


@ -1,30 +1,22 @@
{pkgs {pkgs
# ,nixpkgs ,nixpkgs
,proj_root ,proj_root
# ,agenix ,agenix
,nixosDefaultVersion? "22.05" ,nixosDefaultVersion? "22.05"
,defaultSystem? "x86_64-linux" ,defaultSystem? "x86_64-linux"
,...}@inputs: let ,...}@inputs: let
lib = pkgs.lib; lib = pkgs.lib;
inputs_w_lib = (inputs // {inherit lib;}); serde = import ./serde.nix inputs // {inherit lib;};
serde = import ./serde.nix inputs_w_lib;
shellAsDrv = {script, pname}: (pkgs.callPackage (
# just a pattern that we must remember: args to this are children of pkgs.
{writeShellScriptBin}: writeShellScriptBin pname script
) {});
trimNull = lib.filterAttrs (name: value: value != null);
# ssh
flattenPubkey = lib.mapAttrs (_identity: meta_config: lib.attrByPath ["metadata" "ssh_pubkey"] null meta_config);
getPubkey = config: (lib.pipe config [flattenPubkey trimNull]);
# procedure = # procedure =
in { in {
# short-hand to create a shell derivation # short-hand to create a shell derivation
# NOTE: this is pure. This means, env vars from devShells might not # NOTE: this is pure. This means, env vars from devShells might not
# be accessible unless MAYBE they are `export`ed # be accessible unless MAYBE they are `export`ed
inherit shellAsDrv trimNull flattenPubkey getPubkey; shellAsDrv = {script, pname}: (pkgs.callPackage (
ssh = { # just a pattern that we must remember: args to this are children of pkgs.
inherit flattenPubkey getPubkey; {writeShellScriptBin}: writeShellScriptBin pname script
}; ) {});
# Configures hosts as nixosConfiguration # Configures hosts as nixosConfiguration
# mkHost = {hostName # mkHost = {hostName
# , nixosBareConfiguration # , nixosBareConfiguration
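Review bot: `serde = import ./serde.nix inputs // {inherit lib;};` does not pass `lib` to serde.nix: function application binds tighter than `//`, so this evaluates as `(import ./serde.nix inputs) // {inherit lib;}` and merely adds a `lib` attribute to whatever serde.nix returned. If serde.nix expects `lib` in its argument set, as the old side's `inputs_w_lib` suggests, write `serde = import ./serde.nix (inputs // {inherit lib;});`. The enclosing `let` continues past the hunk.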


@ -1,6 +0,0 @@
{
imports = [./gpu.sys.nix];
boot.initrd.kernelModules = [ "amdgpu" ];
services.xserver.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ];
}


@ -1,7 +1,6 @@
{pkgs {pkgs
,lib ,lib
,proj_root ,proj_root
,...
}:{ }:{
imports = [ imports = [
./minimal.sys.nix ./minimal.sys.nix
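Review bot: The argument pattern `{pkgs ,lib ,proj_root }:` lost its `...`, but the NixOS module system calls each module function with its full argument set (`config`, `options`, `modulesPath`, plus whatever `_module.args` injects), so a closed pattern fails with an "unexpected argument" error as soon as the module is evaluated. Restore the ellipsis: `{pkgs, lib, proj_root, ...}:`. The same `,...` line was dropped in several sibling modules in this compare; the module body continues outside the hunk.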


@ -1,12 +0,0 @@
{ pkgs, ... }: {
environment.systemPackages = [ pkgs.clinfo pkgs.lshw pkgs.glxinfo pkgs.pciutils pkgs.vulkan-tools ];
hardware.opengl = {
enable = true;
extraPackages = [ pkgs.rocm-opencl-icd pkgs.rocm-opencl-runtime ];
# Vulkan
driSupport = true;
driSupport32Bit = true;
package = pkgs.mesa.drivers;
package32 = pkgs.pkgsi686Linux.mesa.drivers;
};
}


@ -1,8 +1,7 @@
{ pkgs { pkgs
, my-lib , lib
,...
}: { }: {
environment.noXlibs = my-lib.mkForce false; environment.noXlibs = lib.mkForce false;
# TODO: wireless networking # TODO: wireless networking
# Enable the X11 windowing system. # Enable the X11 windowing system.


@ -1,15 +1,12 @@
{pkgs {pkgs
,lib ,lib
,proj_root ,proj_root
,modulesPath
,...
}:{ }:{
imports = ["${modulesPath}/profiles/minimal.nix"];
# prune old builds after a while # prune old builds after a while
nix.settings.auto-optimise-store = true; nix.settings.auto-optimize-store = true;
nix.package = pkgs.nixFlakes; # nix flakes nix.package = pkgs.nixFlakes; # nix flakes
nix.extraOptions = '' nix.extraOptions = ''
experimental-features = nix-command flakes experimental=feature = nix-command flakes
''; '';
programs.neovim = { programs.neovim = {
enable = true; enable = true;
@ -25,6 +22,6 @@
]; ];
users.users.root = { users.users.root = {
# openssh runs in root, no? This is because port < 1024 requires root. # openssh runs in root, no? This is because port < 1024 requires root.
openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root.configs.path}/ssh/authorized_keys"); openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root}/ssh/authorized_keys");
}; };
} }
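Review bot: `builtins.readFile "${proj_root}/ssh/authorized_keys"` interpolates `proj_root` as a string, but flake.nix in this same compare defines it as an attribute set (`{ path; configs.path; … }`) with no `__toString`, so evaluation fails with "cannot coerce a set to a string" and root's authorized keys never land; the path the old side used, `"${proj_root.configs.path}/ssh/authorized_keys"`, is the right one. `lib.strings.splitString "\n"` also yields an empty entry for the file's trailing newline, so wrap it as `lib.filter (k: k != "") (lib.splitString "\n" (builtins.readFile …))`. Two settings on the new side are misspelled and would reach nix.conf as unrecognised keys (or be rejected) rather than enabling anything: the option is `nix.settings.auto-optimise-store = true;` and the extraOptions line is `experimental-features = nix-command flakes`. The argument pattern also dropped `...` and `modulesPath`, which the module system needs since it passes more arguments than the three named here.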


@ -1,7 +1,6 @@
{pkgs {pkgs
,lib ,lib
,config ,config
,...
}: { }: {
environment.systemPackages = [pkgs.mosh]; environment.systemPackages = [pkgs.mosh];
networking.firewall = lib.mkIf config.networking.firewall.enable { networking.firewall = lib.mkIf config.networking.firewall.enable {


@ -1,7 +0,0 @@
{config,...}: {
imports = [./gpu.sys.nix];
nixpkgs.config.allowUnfree = true;
services.xserver.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
}


@ -1,5 +1,8 @@
{proj_root {agenix
,...}: { ,proj_root}: {
imports = [
agenix.nixosModule
];
age.secrets.s3fs = { age.secrets.s3fs = {
file = "${proj_root.secrets.path}/s3fs.age"; file = "${proj_root.secrets.path}/s3fs.age";
# mode = "600"; # owner + group only # mode = "600"; # owner + group only
@ -12,8 +15,5 @@
age.secrets._nhitrl_cred = { age.secrets._nhitrl_cred = {
file = "${proj_root.secrets.path}/_nhitrl.age"; file = "${proj_root.secrets.path}/_nhitrl.age";
}; };
age.secrets."wifi.env" = { environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
file = "${proj_root.secrets.path}/wifi.env.age";
};
# environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
} }
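Review bot: `{agenix ,proj_root}:` is a closed argument pattern, and NixOS passes every module the full argument set (`config`, `lib`, `pkgs`, `options`, …), so this module fails with an unexpected-argument error before any `age.secrets` entry is applied — write `{agenix, proj_root, pkgs, ...}:`. `agenix.defaultPackage.x86_64-linux` hard-codes the system even though `propagate` in hosts/default.nix already threads the host's `system` through; `agenix.defaultPackage.${pkgs.system}` keeps the two in step. The middle of this file, between the two hunks, is outside the view.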


@ -1,6 +1,6 @@
{ {
services.openssh = { services.openssh = {
enable = true; enable = true;
permitRootLogin = "no"; permitRootLogin = false;
}; };
} }
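Review bot: `permitRootLogin = false;` is a type error — `services.openssh.permitRootLogin` is a string enum ("yes", "without-password"/"prohibit-password", "forced-commands-only", "no") — so evaluation fails and none of this sshd configuration lands; use `permitRootLogin = "no";`. Note that minimal.sys.nix in this same compare installs `openssh.authorizedKeys.keys` for `root`, which `"no"` makes inert: if key-only root login is the intent, `"prohibit-password"` is the matching value, otherwise those keys should not be installed for root at all. In either case consider adding `passwordAuthentication = false;` next to it so that access is key-only.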


@ -1,5 +1,5 @@
# Personal configuration on storage solution # Personal configuration on storage solution
{ pkgs, config, lib,... }: { { pkgs, config, lib }: {
environment.systemPackages = [ environment.systemPackages = [
pkgs.s3fs pkgs.s3fs
pkgs.cifs-utils pkgs.cifs-utils
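Review bot: `{ pkgs, config, lib }:` drops the `...` the old side had, and the module system passes more arguments than these three (`options`, `modulesPath`, and whatever `_module.args` injects), so this module fails with "called with unexpected argument"; restore `{ pkgs, config, lib, ... }:`. The module body runs past the hunk.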


@ -1,8 +0,0 @@
{config,...}: {
networking.wireless.enable = true;
networking.wireless.environmentFile = config.age.secrets."wifi.env";
networking.wireless.networks = {
"Hoang Sa".psk = "@DESERT_PSK@";
"Truong Sa".psk = "@DESERT_PSK@";
};
}


@ -230,7 +230,7 @@
}; };
amd_rx470 = { amd_rx470 = {
# early amd gpu usage # early amd gpu usage
boot.initrd.kernelModules = ["amdgpu"]; # boot.initrd.kernelModules = ["amdgpu"];
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.videoDrivers = ["amdgpu"]; services.xserver.videoDrivers = ["amdgpu"];
}; };


@ -19,10 +19,10 @@ fi
SCRIPT_DIR=$(realpath $(dirname $0)) SCRIPT_DIR=$(realpath $(dirname $0))
echo "SCRIPT_DIR: ${SCRIPT_DIR}" echo "SCRIPT_DIR: ${SCRIPT_DIR}"
SYSNIX_DIR="${SCRIPT_DIR}/.." SYSNIX_DIR="${SCRIPT_DIR}/../nix-conf/system"
# Copy hardware-configuration of existing machine onto our version control # Copy hardware-configuration of existing machine onto our version control
SYSNIX_PROF="${SYSNIX_DIR}/hosts/${HOSTNAME}" SYSNIX_PROF="${SYSNIX_DIR}/profiles/${HOSTNAME}"
HARDWARE_CONF="${SYSNIX_PROF}/hardware-configuration.nix" HARDWARE_CONF="${SYSNIX_PROF}/hardware-configuration.nix"
if [ ! -f "${HARDWARE_CONF}" ]; then if [ ! -f "${HARDWARE_CONF}" ]; then
mkdir "$SYSNIX_PROF" mkdir "$SYSNIX_PROF"
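Review bot: `mkdir "$SYSNIX_PROF"` has no `-p`, so when `${SYSNIX_DIR}/profiles` does not yet exist the script stops here (or, without `set -e`, which is not visible in the hunk, carries on and fails at the copy); `mkdir -p "$SYSNIX_PROF"` is the safe form. `SCRIPT_DIR=$(realpath $(dirname $0))` leaves `$0` and the inner substitution unquoted, which breaks on paths containing spaces — `SCRIPT_DIR=$(realpath "$(dirname "$0")")`. The script continues outside the hunk.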


@ -1,21 +1,10 @@
let (import
inherit ((import (
( let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in fetchTarball {
fetchTarball { url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; sha256 = lock.nodes.flake-compat.locked.narHash;
sha256 = lock.nodes.flake-compat.locked.narHash; }
} )
) { src = ./.; }
{ src = ./.; } ).defaultNix.secrets
).defaultNix) secrets;
inherit (secrets) pubKeys;
inherit (pubKeys) users hosts;
all = users // hosts;
c_ = builtins;
in {
"secrets/s3fs.age".publicKeys = c_.attrValues (all);
"secrets/s3fs.digital-garden.age".publicKeys = c_.attrValues (all);
"secrets/_nhitrl.age".publicKeys = c_.attrValues (all);
"secrets/wifi.env.age".publicKeys = c_.attrValues (all);
}



@ -1,10 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 ahbzMg Lx4TLKDZ2yk3DQsM6nOOI1o+FHu0lNtT2p3PBdao+C4 -> ssh-ed25519 ahbzMg 6pTVLAgOY/JZVWiCFHLo8xQ4/CL6620IMaBRpqI8Wws
RsTScUeLmFrO6v1OOxBbyBCMBMVhsGrtu5W9iMOw8B0 CtJeQuy5VzKZhJnIH+/cjlKsAcg0RY2bhHTWVm+hUOY
-> ssh-ed25519 glsjZQ CdLCkzb1dBoG9gYdMisaZBZT+nnzfOX326CWq6cvN1s -> ssh-ed25519 glsjZQ we7RCgsnODTJ8rKYhU+9tu0DmLH+98mcQKQ3I2slikM
UKGCxej9lZnLzsuFJnFOMpyrz7YzJrHcrFuDz8l8RQk G81lsFLQR9polxme1K/MU2d8Y01PrTqtzJnVq0EMJF0
-> U<J-grease + A6h/F, 'mix -> |-grease B\W,I9z ^Gx;$ Kk7!4,P
jpEa7b7rRo6bVpTr19c5ALOfaeiP0jldtpQBRWfJnma3VSo3kkDQpfa3RvPjZfD8 0Jl5Lhx7R8YOs9S+hUtQDDpNIqBhC/MM0N7w1MCtwYtkIIIWKfY9jkJ7+Cew2Ee5
Eg9Zb03MKMUAJnWwfLCXVFQqEVpSaIwI+ujLZ5Cm Qb04jnE
--- /a+J/jeGoWwuNvDEAIGzU0WKx86oH+YRTnSexf+8NP4 --- b7AXWRgK45a/91iwmwt5g+CWOlU/2f4nUDfXlg/bs9A
!]FµO¬Jv”žó%×-ŻtÚŹŘťuzčB­É˙}ś‡Ő"C\;D (ľ‡ĂFŠÎ®j®ëA7&ąü<C485>˛?é.ć…J•áBa»„ąŽ˛[ŘdXrŢŚO ¢²%;Þ3RmQÚWhpÌVŠ;º×®¡¥VÍÚñ[zš9al¦±=cLêüva<>ëu7é,†tø±ýUܶh^&å‰Ö¿WåJP6-ÇÒ£ n-ˆ¿=™]




@ -1,12 +0,0 @@
{lib,...}@inputs: let
config = {
hungtr.metadata = {
};
"hungtr@bao".metadata = {
ssh_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z";
};
};
in {
homeConfigurations = {};
pubKeys = lib.getPubkey config;
}